metalefty/openssh
1
0
Fork 0
forked from rpms/openssh
Code Pull Requests Activity
9a48c48aa4
openssh/SOURCES/openssh-8.0p1-CVE-2025-26465.patch

58 lines
2.0 KiB
Diff
Raw Blame History

diff --git a/openssh-8.0p1/krl.c b/openssh-8.0p1/krl.c
index 8e2d5d5..e5b046d 100644
--- a/openssh-8.0p1/krl.c
+++ b/openssh-8.0p1/krl.c
@@ -676,6 +676,7 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf)
break;
case KRL_SECTION_CERT_SERIAL_BITMAP:
if (rs->lo - bitmap_start > INT_MAX) {
+ r = SSH_ERR_INVALID_FORMAT;
error("%s: insane bitmap gap", __func__);
goto out;
}
@@ -1011,6 +1012,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
goto out;
if ((krl = ssh_krl_init()) == NULL) {
+ r = SSH_ERR_ALLOC_FAIL;
error("%s: alloc failed", __func__);
goto out;
}
diff --git a/openssh-8.0p1/sshconnect2.c b/openssh-8.0p1/sshconnect2.c
index ce855eb..9650b24 100644
--- a/openssh-8.0p1/sshconnect2.c
+++ b/openssh-8.0p1/sshconnect2.c
@@ -95,7 +95,7 @@ struct sockaddr *xxx_hostaddr;
static int
verify_host_key_callback(struct sshkey *hostkey, struct ssh *ssh)
{
- if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1)
+ if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) != 0)
fatal("Host key verification failed.");
return 0;
}
@@ -767,6 +767,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh)
if ((pktype = sshkey_type_from_name(pkalg)) == KEY_UNSPEC) {
debug("%s: server sent unknown pkalg %s", __func__, pkalg);
+ r = SSH_ERR_INVALID_FORMAT;
goto done;
}
if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) {
@@ -777,6 +778,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh)
error("input_userauth_pk_ok: type mismatch "
"for decoded key (received %d, expected %d)",
key->type, pktype);
+ r = SSH_ERR_INVALID_FORMAT;
goto done;
}
@@ -796,6 +798,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh)
SSH_FP_DEFAULT);
error("%s: server replied with unknown key: %s %s", __func__,
sshkey_type(key), fp == NULL ? "<ERROR>" : fp);
+ r = SSH_ERR_INVALID_FORMAT;
goto done;
}
ident = format_identity(id);
View Git Blame Copy Permalink